Run your own Skype-like service in less than one hour

By using open source and open standards you can build your own Skype-like service pretty easily. This tutorial shows how to do it with SIP (Session Initiation Protocol), a well-known open standard protocol in the Voice over IP world, by running the Kamailio SIP server in the role of “Skype authentication server and super-node” and Jitsi in the role of “Skype client-side application”.

Both Kamailio and Jitsi are free and open source applications. Kamailio SIP server is developed to run on Linux/Unix servers and Jitsi is a cross platform application running on Linux, Mac OS X and Windows.

Prerequisites

To complete this tutorial properly, you must have:

basic knowledge of Linux administration and networking

one Linux server connected to the Internet with a public IP and, if possible, a nice DNS hostname, to be used to run the super-node.

In short, the changes made to the downloaded kamailio.cfg file, compared with the default one (the one shipped in the .deb package), are:

enabled support to connect to MySQL server

enabled user authentication

enabled persistent user location service

enabled NAT traversal and updated RTPProxy control socket parameter

enabled TLS support

edit /etc/kamailio/kamctlrc and set:

SIP_DOMAIN=_your_server_ip_or_hostname_
DBENGINE=MYSQL

My server IP used for this tutorial is 192.168.178.33, so the changes in /etc/kamailio/kamctlrc were:

SIP_DOMAIN=192.168.178.33
DBENGINE=MYSQL

create MySQL database needed by Kamailio, run:

kamdbctl create

You will be prompted for the password of the MySQL root user. Create all tables by answering 'y' to the options. Note that two MySQL accounts are created:

username 'openser' with password 'openserrw'

username 'openserro' with password 'openserro'

These users have access only from localhost. They can be changed in /etc/kamailio/kamctlrc before running 'kamdbctl create' (if you change their values, then update the file /etc/kamailio/kamailio.cfg accordingly).

add several users with kamctl tool, having the prototype:

kamctl add userid password

For example, adding user 'daniel' with password '1234qwet':

kamctl add daniel 1234qwet

In Skype, the client application is able to create new accounts, which is not possible in SIP with the Jitsi application, therefore the user IDs have to be created manually on the server with the kamctl tool. Alternatively, you can install Siremis and use it - this is a web-GUI management system for Kamailio.

You can add as many users as you want, change their passwords or delete them with kamctl tool.
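A check of the database credentials from the steps above, as an added example that is not part of the original tutorial: it flags the default passwords and a kamailio.cfg DBURL that no longer matches kamctlrc after a change. It assumes the passwords are set through the DBRWPW and DBROPW variables in kamctlrc and the '#!define DBURL' line in kamailio.cfg; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the tutorial. Assumes kamctlrc sets the passwords via
# DBRWPW/DBROPW and kamailio.cfg connects through a '#!define DBURL "..."' line.

DEFAULT_PWS="openserrw openserro"    # default passwords quoted in the tutorial

# kamctlrc_pw FILE VAR -> value of the last uncommented VAR=... line, "" if none
kamctlrc_pw() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# cfg_dburl_pw FILE -> password part of the DBURL define, "" if none
cfg_dburl_pw() {
    sed -n 's|^#!define[[:space:]]*DBURL[[:space:]]*"[a-z]*://[^:]*:\([^@]*\)@.*|\1|p' "$1" |
        tail -n 1
}

# is_default_pw VALUE -> 0 when VALUE is one of the tutorial's default passwords
is_default_pw() {
    for d in $DEFAULT_PWS; do
        [ "$1" = "$d" ] && return 0
    done
    return 1
}

# audit_db_creds KAMCTLRC KAMAILIO_CFG -> 0 when clean, 1 with one finding per line
audit_db_creds() {
    rw=$(kamctlrc_pw "$1" DBRWPW); ro=$(kamctlrc_pw "$1" DBROPW)
    url=$(cfg_dburl_pw "$2"); rc=0
    for pair in "DBRWPW:$rw" "DBROPW:$ro"; do
        name=${pair%%:*}; val=${pair#*:}
        if [ -z "$val" ] || is_default_pw "$val"; then
            echo "$name: unset or default password in $1"; rc=1
        fi
    done
    if is_default_pw "$url"; then
        echo "DBURL: default password in $2"; rc=1
    elif [ -n "$rw" ] && [ "$url" != "$rw" ]; then
        echo "DBURL: password missing or different from DBRWPW"; rc=1
    fi
    return $rc
}

# Usage: sh audit-db-creds.sh /etc/kamailio/kamctlrc /etc/kamailio/kamailio.cfg
if [ $# -eq 2 ]; then
    audit_db_creds "$1" "$2"
fi
```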

Start Kamailio

Starting Kamailio is done via:

/etc/init.d/kamailio start

If you need to restart Kamailio at any time, just use:

/etc/init.d/kamailio restart

To be sure kamailio is running, run:

ps -fC kamailio

In case you have to go through home routers, be sure rtpproxy is running:

Kamailio at runtime

TLS Certificates

Kamailio is shipped with self-signed TLS certificates – these are used to encrypt the communication. This may cause a warning message to be displayed by SIP client applications when they connect to the Kamailio SIP server for the first time.

If you feel more confident, you can generate your own self-signed certificates using tools from the openssl toolkit package and replace those stored in /etc/kamailio/.

To avoid the warning, you can purchase TLS certificates from a trusted authority, such as Verisign.
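Generating your own self-signed certificate with openssl, as an added example that is not part of the original tutorial: the certificate names the server in subjectAltName (an IP: entry for an address such as the testbed's 192.168.178.33, a DNS: entry for a hostname), the key is checked against the certificate, and the SHA-256 fingerprint is printed so the certificate a client is asked to accept can be compared with it. The function names and the sip-tls.key/sip-tls.pem file names are assumptions; -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the tutorial. Output file names are illustrative.

# san_for HOST -> subjectAltName entry: IP: for address literals, DNS: for names
san_for() {
    case "$1" in
        *:*)       printf 'IP:%s\n' "$1" ;;    # IPv6 literal
        *[!0-9.]*) printf 'DNS:%s\n' "$1" ;;   # anything beyond digits and dots: hostname
        *)         printf 'IP:%s\n' "$1" ;;    # dotted IPv4 literal
    esac
}

# make_cert HOST OUTDIR -> writes OUTDIR/sip-tls.key and OUTDIR/sip-tls.pem
make_cert() {
    host=$1; out=$2
    [ -n "$host" ] && [ -d "$out" ] || return 2
    (
        umask 077    # the private key must not be readable by other users
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$host" -addext "subjectAltName=$(san_for "$host")" \
            -keyout "$out/sip-tls.key" -out "$out/sip-tls.pem" 2>/dev/null
    )
}

# key_matches_cert KEY CERT -> 0 when both files carry the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_fingerprint CERT -> SHA-256 fingerprint as colon-separated hex
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage: sh make-sip-cert.sh 192.168.178.33 /tmp/certs
if [ $# -eq 2 ]; then
    make_cert "$1" "$2" && key_matches_cert "$2/sip-tls.key" "$2/sip-tls.pem" \
        && cert_fingerprint "$2/sip-tls.pem"
fi
```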

Jitsi Installation

Jitsi is a cross-platform, SIP-capable application, very rich in features, which also supports what we need here for our Skype-like service:

Installation is specific to the operating system, but there are a lot of pre-built packages, making installation straightforward.

Jitsi Configuration

The target is fully secure communication. For that you have to make sure TLS is used to connect to the Kamailio server.

You have to replace the IP of Kamailio server used in the testbed (192.168.178.33) with your own server IP or domain name.

The first time you start Jitsi, a window like the next one appears.

You can enter username@yourip or username@yourdomain and the appropriate password in the upper-left form (note: Jitsi is a multiprotocol application, in this case we use its SIP capability). The screenshot is taken for user alice.

After that, the main window should appear. The next step is to update the settings in order to use TLS.

Go to menu Tools⇒Options on Linux or Jitsi⇒Preferences on Mac OS X. Then edit the SIP account (screenshot taken for user john), and go to the Connection tab:

You have to fill in the proxy details (uncheck the “Configure proxy automatically” option first), with IP address, port and transport TLS. Note that the port is 5061 for secure communication over TLS.

Skype uses an end-to-end presence model, so we have to enable that as well in the Presence tab.

Once done, click “Next” and you will see a summary of settings, click “Sign in” and Jitsi will register with the Kamailio server. The first time you may see a dialog box regarding the TLS certificate (because it was self-generated and self-signed).

Click “Continue” and you should see again the main window.

Adding contacts

Contacts can be added via menu File ⇒ Add contact or right click on main window panel. A green bullet on the left side of contact name will indicate that the respective contact is online.

Once you have some contacts added, you can easily start real-time conversations with any of them - when you select a name in the contact list, you will see the icons to start instant messaging, audio or video calls, and screen sharing.

Audio call

One option to start a voice call is to select the contact and then click on the second icon (the green handset) displayed under the name.

Next screenshot shows the window displayed for an ongoing audio call.

The lock is closed when the audio stream is encrypted - you can compare the encryption signature (in this case 6ur4) with your partner to be sure that there is nobody in the middle listening to your call - if your partner sees a different signature then the conversation is 'tapped'.

The horizontal bars show in green the audio level of the person speaking.

Video call

Video calls can be started by pressing the video camera button displayed under the contact name. It can be one-way video, or two-way video communication when both parties have a web camera connected to their computer running Jitsi.

Instant Messaging

Next screenshot presents the instant messaging window.

Audio conferencing

Starting a conference call is done from menu Tools⇒Create a conference call.

You get the dialog box with the options to invite people in the conference call.

Once the call has started, you see the audio levels of the participants in the call.

Limitations

the list of contacts is not stored on the server; Jitsi stores it locally on the computer it runs on. Storing it on the server is possible in SIP by using an XCAP server, aka SIMPLE extensions for SIP - Kamailio has an embedded XCAP server and Jitsi can use it. But then the presence communication model will not be peer-to-peer anymore, implying a presence agent server in the infrastructure network, thus a different architecture than Skype

since the recommended model of presence nowadays in SIP is the SIMPLE specifications, Jitsi does not ask whether to allow or deny people to see your presence states in the end-to-end model, one option being custom rules in the Kamailio server. If you want to switch to the SIMPLE presence model, read this tutorial.

Remarks

it took me less than 15 minutes to get the “super-node” Kamailio SIP server and Jitsi up and running, but I am very familiar with them. Anyway, it should not take more than one hour to install the client application on your laptop/desktop and the “super-node” on Debian/Ubuntu given the fact Kamailio has pre-built packages for these distributions

all the communication with the super-node is encrypted with TLS, so nobody (e.g., your ISP) can read it

Voice and Video packets are encrypted very shortly after the call is established, because the negotiation of encryption keys happens at that moment. The encryption is end-to-end for this case, via secure RTP (SRTP).

creating new accounts might not be as easy, since the client application does not have that ability. But you own the super-node and authentication server, thus you can use command line tools or web interfaces to create new accounts

all components are free and open source, the service is in your full control

if you wonder about scalability, one instance of default Kamailio 3.1.x can handle over 40 000 active TLS connections when it is configured to use maximum 2GB of memory – further tuning of software and hardware can be done to increase capacity

there are other SIP phones that support encryption, audio or video calling, in the form of applications (free/open source or commercial) or hardphones, see a list here. Several of them can run on smartphones as well.

you can communicate with people using other installations like this one by calling username@remote_server_ip or username@remote_server_hostname. Therefore all your friends can have their own instance of such a service and you can still talk with them (no need to have an account on each server), resulting in a grid of SIP servers communicating with each other.